According to a research report from cybersecurity solutions firm Trend Micro, Twitter users call the fake phone number provided, believing they are speaking with the intended company’s help desk, which results in the caller either sharing credit card information or installing malicious content on their computer.
Trend Micro says this is often part of a multi-platform strategy along with YouTube, Facebook, Telegram and other channels to improve SEO for fake tech support websites linked to the Twitter accounts, boosting their search rankings.
“Social media is an inescapable part of modern life, and our new research shines an important light on how it’s being used positively by the security community, and abused by criminals,” said Jon Oliver, Director and Data Scientist, Trend Micro.
“We hope by making these abuses known, both businesses and consumers can be vigilant to not become victims of such attacks.”
Trend Micro says that while criminals are using the social network for bad, threat researchers can leverage the power of social media for good.
Most notably, Twitter is used for monitoring vulnerability disclosures to inform patch prioritisation, and scanning for indicators of compromise, threat detection rules, and other contextual information to boost threat intelligence, Trend Micro cautions.
Trend Micro has recommended that users confirm the validity of a Twitter account by checking the company’s website directly, rather than through the account, and that it is also important for security teams to validate Twitter data when leveraging it for investigations or threat intelligence.